mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-20 04:19:00 +02:00
Merge pull request #300716 from LeSuisse/openssh-dsa-keys
openssh: disable support for DSA keys by default
commit
8bd499b34a
|
@ -208,6 +208,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
||||||
"mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"`
|
"mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"`
|
||||||
where the file `secret_file` contains the string `mysecret`.
|
where the file `secret_file` contains the string `mysecret`.
|
||||||
|
|
||||||
|
- `openssh`, `openssh_hpn` and `openssh_gssapi` are now compiled without support for the DSA signature algorithm as it is being deprecated upstream. Users still relying on DSA keys should consider upgrading
|
||||||
|
to another signature algorithm. It is however possible, for the time being, to restore the DSA keys support using `override` to set `dsaKeysSupport = true`.
|
||||||
|
|
||||||
- `buildGoModule` now throws error when `vendorHash` is not specified. `vendorSha256`, deprecated in Nixpkgs 23.11, is now ignored and is no longer a `vendorHash` alias.
|
- `buildGoModule` now throws error when `vendorHash` is not specified. `vendorSha256`, deprecated in Nixpkgs 23.11, is now ignored and is no longer a `vendorHash` alias.
|
||||||
|
|
||||||
- Invidious has changed its default database username from `kemal` to `invidious`. Setups involving an externally provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857)
|
- Invidious has changed its default database username from `kemal` to `invidious`. Setups involving an externally provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857)
|
||||||
|
|
|
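Review bot: the added `openssh` release note tells users to move "to another signature algorithm" without naming one, and it mentions `override` without showing the expression. Consider naming a replacement key type that the package still builds (for example Ed25519) and quoting the override inline, e.g. `openssh.override { dsaKeysSupport = true; }`, so the entry is actionable on its own. It would also help to state the visible effect, namely that existing `ssh-dss` host and user keys stop being accepted after the upgrade. Minor wording: "the DSA keys support" reads better as "DSA key support".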
@ -30,6 +30,7 @@
|
||||||
, nixosTests
|
, nixosTests
|
||||||
, withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl
|
, withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl
|
||||||
, withPAM ? stdenv.hostPlatform.isLinux
|
, withPAM ? stdenv.hostPlatform.isLinux
|
||||||
|
, dsaKeysSupport ? false
|
||||||
, linkOpenssl ? true
|
, linkOpenssl ? true
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
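Review bot: the new `dsaKeysSupport ? false` argument breaks the `with*` naming used by its neighbours (`withFIDO`, `withPAM`) and has no comment explaining why it defaults to off. Either align the name with the existing convention or keep it and add a one-line comment above it noting that DSA is being deprecated upstream and that the flag is a temporary escape hatch, so a later cleanup knows it can be removed.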
@ -84,6 +85,7 @@ stdenv.mkDerivation {
|
||||||
"--with-libedit=yes"
|
"--with-libedit=yes"
|
||||||
"--disable-strip"
|
"--disable-strip"
|
||||||
(lib.withFeature withPAM "pam")
|
(lib.withFeature withPAM "pam")
|
||||||
|
(lib.enableFeature dsaKeysSupport "dsa-keys")
|
||||||
] ++ lib.optional (etcDir != null) "--sysconfdir=${etcDir}"
|
] ++ lib.optional (etcDir != null) "--sysconfdir=${etcDir}"
|
||||||
++ lib.optional withFIDO "--with-security-key-builtin=yes"
|
++ lib.optional withFIDO "--with-security-key-builtin=yes"
|
||||||
++ lib.optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}")
|
++ lib.optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}")
|
||||||
|
|
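Review bot: `(lib.enableFeature dsaKeysSupport "dsa-keys")` is added to the flag list unconditionally, so every build now receives `--disable-dsa-keys` or `--enable-dsa-keys`. The release note says `openssh_hpn` and `openssh_gssapi` are covered as well; if those variants reuse this `configureFlags` list, please confirm that each one's configure script recognises the option, since autoconf only warns about unknown `--enable-*`/`--disable-*` switches and a variant built from older sources would silently keep DSA enabled. A check in `nixosTests` that `ssh -Q key` no longer lists `ssh-dss` would catch that case.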