nixos/sudo: Refactor checks for Todd C. Miller's implemetation

2023-09-07 12:08:28 +00:00 · 2023-09-07 12:08:28 +00:00 · 8b9e867ac8
parent f5aadb56be
commit 8b9e867ac8
1 changed files with 5 additions and 3 deletions
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@ -4,13 +4,15 @@ with lib;

 let

+  inherit (pkgs) sudo;
+
  cfg = config.security.sudo;

  enableSSHAgentAuth =
    with config.security;
    pam.enableSSHAgentAuth && pam.sudo.sshAgentAuth;

-  inherit (pkgs) sudo;
+  usingMillersSudo = cfg.package.pname == sudo.pname;

  toUserString = user: if (isInt user) then "#${toString user}" else "${user}";
  toGroupString = group: if (isInt group) then "%#${toString group}" else "%${group}";
@ -197,8 +199,8 @@ in

  config = mkIf cfg.enable {
    assertions = [
-      { assertion = cfg.package.pname != "sudo-rs";
-        message = "The NixOS `sudo` module does not work with `sudo-rs` yet."; }
+      { assertion = usingMillersSudo;
+        message = "The NixOS `sudo` module does not yet work with other implementations."; }
    ];

    # We `mkOrder 600` so that the default rule shows up first, but there is