Commit a939c13d authored by Sigmanificient's avatar Sigmanificient
Browse files

ecryptfs: drop

parent ea30586e

nixos/doc/manual/release-notes/rl-2605.section.md

+2 −0
Original line number Diff line number Diff line
@@ -71,6 +71,8 @@ of pulling the upstream container image from Docker Hub. If you want the old beh 


- Support for `reiserfs` in nixpkgs has been removed, following the removal in Linux 6.13.



- support for `ecryptfs` in nixpkgs has been removed.



- The `networking.wireless` module has been security hardened: the `wpa_supplicant` daemon now runs under an unprivileged user with restricted access to the system.



  As part of these changes, `/etc/wpa_supplicant.conf` has been deprecated: the NixOS-generated configuration file is now linked to `/etc/wpa_supplicant/nixos.conf` and `/etc/wpa_supplicant/imperative.conf` has been added for imperatively configuring `wpa_supplicant` or when using [allowAuxiliaryImperativeNetworks](#opt-networking.wireless.allowAuxiliaryImperativeNetworks).

nixos/modules/misc/locate.nix

+0 −1
Original line number Diff line number Diff line
@@ -89,7 +89,6 @@ in 
        "devfs"

        "devpts"

        "devtmpfs"

        "ecryptfs"

        "eventpollfs"

        "exofs"

        "futexfs"

nixos/modules/module-list.nix

+0 −2
Original line number Diff line number Diff line
@@ -202,7 +202,6 @@ 
  ./programs/droidcam.nix

  ./programs/dsearch.nix

  ./programs/dublin-traceroute.nix

  ./programs/ecryptfs.nix

  ./programs/ente-auth.nix

  ./programs/environment.nix

  ./programs/envision.nix
@@ -1918,7 +1917,6 @@ 
  ./tasks/filesystems/bindfs.nix

  ./tasks/filesystems/btrfs.nix

  ./tasks/filesystems/cifs.nix

  ./tasks/filesystems/ecryptfs.nix

  ./tasks/filesystems/envfs.nix

  ./tasks/filesystems/erofs.nix

  ./tasks/filesystems/exfat.nix

nixos/modules/programs/ecryptfs.nix

deleted100644 → 0
+0 −35
Original line number Diff line number Diff line 
{

  config,

  lib,

  pkgs,

  ...

}:



let

  cfg = config.programs.ecryptfs;



in

{

  options.programs.ecryptfs = {

    enable = lib.mkEnableOption "ecryptfs setuid mount wrappers";

  };



  config = lib.mkIf cfg.enable {

    security.wrappers = {



      "mount.ecryptfs_private" = {

        setuid = true;

        owner = "root";

        group = "root";

        source = "${lib.getBin pkgs.ecryptfs}/bin/mount.ecryptfs_private";

      };

      "umount.ecryptfs_private" = {

        setuid = true;

        owner = "root";

        group = "root";

        source = "${lib.getBin pkgs.ecryptfs}/bin/umount.ecryptfs_private";

      };



    };

  };

}

nixos/modules/rename.nix

+7 −0
Original line number Diff line number Diff line
@@ -74,6 +74,10 @@ in 
      "programs"

      "cardboard"

    ] "The corresponding package was removed from nixpkgs.")

    (mkRemovedOptionModule [

      "programs"

      "ecryptfs"

    ] "The corresponding package was removed from nixpkgs.")

    (mkRemovedOptionModule [

      "programs"

      "gnome-documents"
@@ -452,6 +456,9 @@ in 
    (mkRemovedOptionModule [ "services" "simplesamlphp" ] ''

      services.simplesamlphp has been vulnerable and unmaintained in nixpkgs.

    '')

    (mkRemovedOptionModule [ "security" "pam" "enableEcryptfs" ] ''

      security.pam.enableFscrypt was removed since it was unmaintained in nixpkgs.

    '')

    (mkRemovedOptionModule [ "security" "rngd" ] ''

      rngd is not necessary for any device that the kernel recognises

      as an hardware RNG, as it will automatically run the krngd task