-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dependencies update for rust[>=1.80] #20
Conversation
required for `time` dependency: time-rs/time#696
after updating dependencies, the build fails with error[E0432]: unresolved import `openssl_sys::geteuid`
Now getting
so something still needs fixing |
It works on my test setup. Could you provide logs in debug mode. |
and syslog:
which comes from
|
It also works on my NixOS desktop. my override{ config, lib, pkgs, self, ... }:
let
pam_rssh = pkgs.pam_rssh.override (old: {
rustPlatform.buildRustPackage = x: old.rustPlatform.buildRustPackage (
x // {
src = pkgs.fetchFromGitHub {
owner = "z4yx";
repo = "pam_rssh";
rev = "1d5bf963c9b1c5d3298bf563454e08bbeb9700c0";
hash = "sha256-T2edexuSjLsr7BL/cXwZEiwipplKueKpNNu40n3r4+o=";
fetchSubmodules = true;
};
cargoHash = "sha256-Z+axlIwCll1vrgRXCSiLmQzT84UjTYy6rE2/B2KUB/g=";
}
);
});
in
{
config = {
# libpam_rssh
security.pam.services.sudo.text = lib.mkDefault (lib.mkBefore ''
auth sufficient ${pam_rssh}/lib/libpam_rssh.so auth_key_file=/etc/ssh/authorized_keys.d/rvfg
'');
security.sudo.extraConfig = ''
Defaults env_keep+=SSH_AUTH_SOCK
'';
};
} |
According to pam man pages, PAM_USER can be changed by other modules in pam stack. https://www.man7.org/linux/man-pages/man3/pam_get_item.3.html Is pam_rssh the first module in your pam.d/sudo config? |
this is only an issue when there's no
i've tried making it the first module and get the same behaviour. my pam config hasn't changed, this only started happening after rebuilding with rust-1.80.1 |
digging a bit more, it appears that |
have also rebuilt pam with some debug logging, and also, looks like this crate is no longer maintained so maybe its worth migrating pam_rssh to something else? (anowell/pam-rs#13 (comment)) |
I've replaced get_user with get_item, which is the low-level interface. Could you try the branch |
Yep, that seems to have fixed it! thanks! |
Great! I think get_item is more appropriate than get_user, because it doesn't prompt for user input when PAM_USER is not set. |
No description provided.