Unverified Commit f5c054af authored by Ryan Lahfa's avatar Ryan Lahfa Committed by GitHub

Merge pull request #264369 from RaitoBezarius/drop-pamusb

pam_usb, nixos/pam-usb: drop
parents cbb9f291 2d78f554
+0 −1
@@ -317,7 +317,6 @@
  ./security/oath.nix
  ./security/pam.nix
  ./security/pam_mount.nix
  ./security/pam_usb.nix
  ./security/please.nix
  ./security/polkit.nix
  ./security/rngd.nix
+0 −12
@@ -205,17 +205,6 @@ let
        };
      };

      usbAuth = mkOption {
        default = config.security.pam.usb.enable;
        defaultText = literalExpression "config.security.pam.usb.enable";
        type = types.bool;
        description = lib.mdDoc ''
          If set, users listed in
          {file}`/etc/pamusb.conf` are able to log in
          with the associated USB key.
        '';
      };

      otpwAuth = mkOption {
        default = config.security.pam.enableOTPW;
        defaultText = literalExpression "config.security.pam.enableOTPW";
@@ -665,7 +654,6 @@ let
            authfile = u2f.authFile;
            appid = u2f.appId;
          }; })
          { name = "usb"; enable = cfg.usbAuth; control = "sufficient"; modulePath = "${pkgs.pam_usb}/lib/security/pam_usb.so"; }
          (let ussh = config.security.pam.ussh; in { name = "ussh"; enable = config.security.pam.ussh.enable && cfg.usshAuth; control = ussh.control; modulePath = "${pkgs.pam_ussh}/lib/security/pam_ussh.so"; settings = {
            ca_file = ussh.caFile;
            authorized_principals = ussh.authorizedPrincipals;
+0 −51
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.security.pam.usb;

  anyUsbAuth = any (attrByPath ["usbAuth"] false) (attrValues config.security.pam.services);

in

{
  options = {

    security.pam.usb = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = lib.mdDoc ''
          Enable USB login for all login systems that support it.  For
          more information, visit <https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users>.
        '';
      };

    };

  };

  config = mkIf (cfg.enable || anyUsbAuth) {

    # Make sure pmount and pumount are setuid wrapped.
    security.wrappers = {
      pmount =
        { setuid = true;
          owner = "root";
          group = "root";
          source = "${pkgs.pmount.out}/bin/pmount";
        };
      pumount =
        { setuid = true;
          owner = "root";
          group = "root";
          source = "${pkgs.pmount.out}/bin/pumount";
        };
    };

    environment.systemPackages = [ pkgs.pmount ];

  };
}
+0 −81
{ lib, stdenv, fetchurl, makeWrapper, dbus, libxml2, pam, pkg-config, pmount, python2Packages, writeScript, runtimeShell }:

let

  # Search in the environment if the same program exists with a set uid or
  # set gid bit.  If it exists, run the first program found, otherwise run
  # the default binary.
  useSetUID = drv: path:
    let
      name = baseNameOf path;
      bin = "${drv}${path}";
    in assert name != "";
      writeScript "setUID-${name}" ''
        #!${runtimeShell}
        inode=$(stat -Lc %i ${bin})
        for file in $(type -ap ${name}); do
          case $(stat -Lc %a $file) in
            ([2-7][0-7][0-7][0-7])
              if test -r "$file".real; then
                orig=$(cat "$file".real)
                if test $inode = $(stat -Lc %i "$orig"); then
                  exec "$file" "$@"
                fi
              fi;;
          esac
        done
        exec ${bin} "$@"
      '';

  pmountBin = useSetUID pmount "/bin/pmount";
  pumountBin = useSetUID pmount "/bin/pumount";
  inherit (python2Packages) python dbus-python;
in

stdenv.mkDerivation rec {
  pname = "pam_usb";
  version = "0.5.0";

  src = fetchurl {
    url = "mirror://sourceforge/pamusb/pam_usb-${version}.tar.gz";
    sha256 = "1g1w0s9d8mfld8abrn405ll5grv3xgs0b0hsganrz6qafdq9j7q1";
  };

  nativeBuildInputs = [
    makeWrapper
    pkg-config
  ];

  buildInputs = [
    # pam_usb dependencies
    dbus libxml2 pam pmount
    # pam_usb's tools dependencies
    python
    # cElementTree is included with python 2.5 and later.
  ];

  preBuild = ''
    makeFlagsArray=(DESTDIR=$out)
    substituteInPlace ./src/volume.c \
      --replace 'pmount' '${pmountBin}' \
      --replace 'pumount' '${pumountBin}'
  '';

  # pmount is append to the PATH because pmounts binaries should have a set uid bit.
  postInstall = ''
    mv $out/usr/* $out/. # fix color */
    rm -rf $out/usr
    for prog in $out/bin/pamusb-conf $out/bin/pamusb-agent; do
      substituteInPlace $prog --replace '/usr/bin/env python' '/bin/python'
      wrapProgram $prog \
        --prefix PYTHONPATH : "$(toPythonPath ${dbus-python})"
    done
  '';

  meta = {
    homepage = "http://pamusb.org/";
    description = "Authentication using USB Flash Drives";
    license = lib.licenses.gpl2;
    platforms = lib.platforms.linux;
  };
}
+3 −2
@@ -799,12 +799,13 @@ mapAliases ({

  ### P ###

  packet-cli = metal-cli; # Added 2021-10-25
  PageEdit = pageedit; # Added 2024-01-21
  packet-cli = metal-cli; # Added 2021-10-25
  palemoon = throw "palemoon has been dropped due to python2 being EOL and marked insecure. Use 'palemoon-bin' instead"; # Added 2023-05-18
  pam_usb = throw "'pam_usb' has been removed: abandoned by upstream since 2015."; # Added 2023-10-30
  paper-note = throw "paper-note has been removed: abandoned by upstream"; # Added 2023-05-03
  paperless = paperless-ngx; # Added 2021-06-06
  paperless-ng = paperless-ngx; # Added 2022-04-11
  paper-note = throw "paper-note has been removed: abandoned by upstream"; # Added 2023-05-03
  parity = openethereum; # Added 2020-08-01
  partition-manager = libsForQt5.partitionmanager; # Added 2024-01-08
  pash = throw "'pash' has been removed: abandoned by upstream. Use 'powershell' instead"; # Added 2023-09-16
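Review bot: The `pam_usb` throw added in this hunk covers only the package attribute, while the same commit also deletes the `security.pam.usb.enable` option and the per-service `usbAuth` option, and none of the sections shown here adds a removal notice for them. A configuration that still sets either option would then presumably fail evaluation with a generic missing-option error rather than the "abandoned by upstream since 2015" explanation. Because this was a login factor wired into the PAM stack as `sufficient`, operators should be told explicitly that it is gone. If a file outside this view does not already handle it, consider adding `(mkRemovedOptionModule [ "security" "pam" "usb" ] "pam_usb has been removed: abandoned by upstream since 2015.")` alongside the other removed-option stubs.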