Unverified Commit 062b5b64 authored by Adam C. Stephens's avatar Adam C. Stephens Committed by GitHub
Browse files

Merge pull request #335441 from emilylange/nixos-forgejo-pam 

forgejo,forgejo-lts: remove PAM support
parents 9b0dea91 aab0392f

.github/CODEOWNERS

+1 −1
Original line number Diff line number Diff line
@@ -325,7 +325,7 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt 


# Forgejo

nixos/modules/services/misc/forgejo.nix @adamcstephens @bendlas @emilylange

pkgs/by-name/fo/forgejo/package.nix     @adamcstephens @bendlas @emilylange

pkgs/by-name/fo/forgejo/                @adamcstephens @bendlas @emilylange



# Dotnet

/pkgs/build-support/dotnet                  @corngood

nixos/doc/manual/release-notes/rl-2411.section.md

+2 −0
Original line number Diff line number Diff line
@@ -180,6 +180,8 @@ 
  `services.forgejo.secrets` is a small wrapper over systemd's `LoadCredential=`. It has the same structure (sections/keys) as

  `services.forgejo.settings` but takes file paths that will be read before service startup instead of some plaintext value.



- `forgejo` and `forgejo-lts` no longer support the opt-in feature [PAM (Pluggable Authentication Module)](https://forgejo.org/docs/latest/user/authentication/#pam-pluggable-authentication-module).



- `services.ddclient.use` has been deprecated: `ddclient` now supports separate IPv4 and IPv6 configuration. Use `services.ddclient.usev4` and `services.ddclient.usev6` instead.



- `teleport` has been upgraded from major version 15 to major version 16.

pkgs/by-name/fo/forgejo/generic.nix

+1 −7
Original line number Diff line number Diff line
@@ -17,8 +17,6 @@ 
, nix-update-script

, nixosTests

, openssh

, pam

, pamSupport ? true

, sqliteSupport ? true

, xorg

, runCommand
@@ -68,8 +66,6 @@ buildGoModule rec { 
    makeWrapper

  ];



  buildInputs = lib.optional pamSupport pam;



  nativeCheckInputs = [

    git

    openssh
@@ -83,8 +79,7 @@ buildGoModule rec { 
    substituteInPlace modules/setting/server.go --subst-var data

  '';



  tags = lib.optional pamSupport "pam"

    ++ lib.optionals sqliteSupport [ "sqlite" "sqlite_unlock_notify" ];

  tags = lib.optionals sqliteSupport [ "sqlite" "sqlite_unlock_notify" ];



  ldflags = [

    "-s"
@@ -115,7 +110,6 @@ buildGoModule rec { 
      skippedTests = [

        "Test_SSHParsePublicKey/dsa-1024/SSHKeygen" # dsa-1024 is deprecated in openssh and requires opting-in at compile time

        "Test_calcFingerprint/dsa-1024/SSHKeygen" # dsa-1024 is deprecated in openssh and requires opting-in at compile time

        "TestPamAuth" # we don't have PAM set up in the build sandbox

        "TestPassword" # requires network: api.pwnedpasswords.com

        "TestCaptcha" # requires network: hcaptcha.com

        "TestDNSUpdate" # requires network: release.forgejo.org