nixops: work around openssl3 pam_p11 breakage

2023-05-23 17:38:50 +08:00 · 2023-05-23 17:38:50 +08:00 · ffb286ba05
parent 2f704a7534
commit ffb286ba05
1 changed files with 9 additions and 4 deletions
--- a/nixops/desktop.nix
+++ b/nixops/desktop.nix
@ -15,11 +15,13 @@ in
      (./. + "/${host}-hardware-configuration.nix")
    ];
  nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
+    libp11 = super.libp11.override({ openssl = super.openssl_1_1; });
    pam_p11 = super.pam_p11.overrideAttrs(oa: {
-      patchPhase = oa.patchPhase or "" + ''
-          substituteInPlace src/match_openssh.c --replace \
-            '"%s/.ssh/authorized_keys", pw->pw_dir)' \
-            '"/etc/ssh/authorized_keys.d/%s", pw->pw_name)'
+      patches = [];
+      postPatch = ''
+        substituteInPlace src/match_openssh.c --replace \
+          '"%s/.ssh/authorized_keys", pw->pw_dir)' \
+          '"/etc/ssh/authorized_keys.d/%s", pw->pw_name)'
        '';
    });
    gnome = super.gnome // {
@ -28,6 +30,9 @@ in
        });
    };
  };
+  nixpkgs.config.permittedInsecurePackages = [
+    "openssl-1.1.1t"
+  ];

  networking.hostName = host;
  networking.firewall.allowedTCPPorts = [ 1883 ];