Skip to content

shadow: use /bin/sh as default shell#432117

Merged
fabianhjr merged 1 commit intoNixOS:stagingfrom
nikstur:shadow-bin-sh
Aug 13, 2025
Merged

shadow: use /bin/sh as default shell#432117
fabianhjr merged 1 commit intoNixOS:stagingfrom
nikstur:shadow-bin-sh

Conversation

@nikstur
Copy link
Contributor

@nikstur nikstur commented Aug 8, 2025
edited by fabianhjr
Loading

Drop the patch and substituteInPlace in postPatch as this is much easier to maintain than a patch.

See the comment in the code for the reason why using /bin/sh instead of the runtimeShell store path.

Shadow shouldn't depend on bash to essentially bring it's own default shell. This is inherently something to be picked up from the ambient environment. Since /bin/sh is the only place that we are basically guaranteed to have use that.

Part of #428908

Will only be bashless after the linux-pam changes from #429972 That's why I didn't add the usual outputChecks here.

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

Add a 👍 reaction to pull requests you find important.

@nikstur nikstur mentioned this pull request Aug 8, 2025
Closed
@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 9.needs: reviewer This PR currently has no reviewers requested and needs attention. labels Aug 8, 2025
@nixpkgs-ci nixpkgs-ci bot added 12.approvals: 1 This PR was reviewed and approved by one person. and removed 9.needs: reviewer This PR currently has no reviewers requested and needs attention. labels Aug 10, 2025
@nikstur
Copy link
Contributor Author

nikstur commented Aug 10, 2025

Cherry picked this change onto master and ran these tests:

  • login
  • pam-file-contents
  • pam-oath-login
  • pam-u2f
  • pam-ussh
  • sssd-ldap

Also cross compiled from x86 to aarch64 via pkgs.pkgsCross.aarch64-multiplatform.shadow

pam-zfs-key is broken on master.

@nixpkgs-ci nixpkgs-ci bot added the 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS label Aug 10, 2025
@nikstur
shadow: use /bin/sh as default shell
494a1b4 
See the comment in the code for the reason why using /bin/sh instead of
the runtimeShell store path.

Drop the patch and substituteInPlace in postPatch as this is much easier
to maintain than a patch.

Ldap users should now set `loginShell` to
`/run/current-system/sw/bin/bash` if they want to retain bash as the
default shell. If this is not set, the default shell for logins will be
/bin/sh which can be "turned" into a normal interactive bash by typing
"bash".
@nixpkgs-ci nixpkgs-ci bot added 12.approvals: 2 This PR was reviewed and approved by two persons. and removed 12.approvals: 1 This PR was reviewed and approved by one person. labels Aug 10, 2025
@fabianhjr
Copy link
Member

fabianhjr commented Aug 13, 2025

Really neat, thanks for your work/contribution towards minimizing requirements.

Seems well tested enough for staging, merging.

@fabianhjr fabianhjr merged commit 93ff315 into NixOS:staging Aug 13, 2025
30 of 32 checks passed
@nikstur nikstur deleted the shadow-bin-sh branch August 14, 2025 08:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RaitoBezarius RaitoBezarius RaitoBezarius approved these changes

@arianvp arianvp arianvp approved these changes

Assignees

No one assigned

Labels

6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 12.approvals: 2 This PR was reviewed and approved by two persons.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@nikstur @fabianhjr @RaitoBezarius @arianvp