OpenDoas
nixpkgs
OpenDoas | nixpkgs | |
---|---|---|
29 | 975 | |
600 | 15,753 | |
- | 2.8% | |
0.0 | 10.0 | |
about 2 months ago | 3 days ago | |
C | Nix | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OpenDoas
-
A simple guide for configuring sudo and doas
Aditionally,because doas was developed for OpenBSD,it also retains some of its quirks,like how user-installed executables are stored in /usr/local/bin,in contrast to /usr/bin where Linux stores them. As a result,doas can have problems on Linux so the following workaround can be used:
-
The First Stable Release of a Rust-Rewrite Sudo Implementation
https://github.com/Duncaen/OpenDoas/issues/106
That's a pretty severe unsolved security issue.
-
Doas – dedicated OpenBSD application subexecutor
2. https://github.com/Duncaen/OpenDoas/blob/master/timestamp.c
-
Testing the memory safe Rust implementation of Sudo/Su
If you want to move away from Sudo, but don't want to try this rust implementation just yet, I have had great success with OpenBSD's doas. It has been ported to every Linux distro I know of as well:
https://github.com/Duncaen/OpenDoas
-
Doas Mastery (2019)
There are, at both ends. Both the "script kiddies" who cannot deviate from scripts because they lack almost any knowledge at all; and the knowledgeable ones who know that there are subtle differences between sudo and doas which require doing things slightly differently to achieve the same effect.
* https://github.com/Duncaen/OpenDoas/issues/116#issuecomment-...
-
Help me on gentoo
Doas makes more in openbsd world In linux there are many api that need to be changed for porting, i'm no expert but the port might be flawed as not many developers has checked the codebase And how can you explain this vulnerability https://github.com/Duncaen/OpenDoas/issues/106
-
Linux users who are paranoid about security.... what's your opinion about OpenBSD?
Personally I'd prefer running Qubes OS, if only my device would have been more powerful. Currently I'm on Fedora Silverblue as I believe it provides a decent middle-ground in which I'm more secure than almost any other Linux distro while not losing any (meaningful) functionality. I do make use of doas and other technologies inspired from OpenBSD to further enhance the security.
-
Sudo and Su Being Rewritten in Rust for Memory Safety
Why not port https://github.com/Duncaen/OpenDoas to rust instead?
If the goal is security, then there is more to it than just using a memory safe language. Otherwise the result of this, possibly unwittingly, seems performative.
- Bringing Memory Safety to sudo and su
- Using doas instead of sudo on Debian 11
nixpkgs
-
Nix: The Breaking Point
I don't think so. The article is probably intended for the Nix community, so the author doesn't need to convince HN that something is going on. If as an outsider you are interested then you need to look into it yourself, the community has no obligation to make their internal conflicts legible to the outside world.
As an outsider myself, it certainly looks like something is going on as more than 20 Nixpkg maintainers left in a week: https://github.com/NixOS/nixpkgs/issues?q=label%3A%228.has%3...
- Maintainers Leaving
-
Air Force picks Anduril, General Atomics to develop unmanned fighter jets
https://github.com/NixOS/nixpkgs/commits?author=neon-sunset
-
Eelco Dolstra's leadership is corrosive to the Nix project
I see two signers in the top 6 displayed on https://github.com/NixOS/nixpkgs/graphs/contributors
-
3rd Edition of Programming: Principles and Practice Using C++ by Stroustrup
For a single file script, nix can make the package management quite easy: https://github.com/NixOS/nixpkgs/blob/master/doc/languages-f...
For example,
```
- NixOS/nixpkgs: There isn't a clear canonical way to refer to a specific package
-
NixOS Is Not Reproducible
Yes, Nix doesn't actually ensure that the builds are deterministic. In fact it works just fine if they aren't. There are packages in nixpkgs that aren't reproducible: https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aiss...
-
The xz attack shell script
I'm not familiar with Bazel, but Nix in it's current form wouldn't have solved this attack. First of all, the standard mkDerivation function calls the same configure; make; make install process that made this attack possible. Nixpkgs regularly pulls in external resources (fetchUrl and friends) that are equally vulnerable to a poisoned release tarball. Checkout the comment on the current xz entry in nixpkgs https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/comp...
-
Debian Git Monorepo
NixOS uses a monorepo and I think everyone's love it.
I love being able to easily grep through all the packages source code and there's regularly PRs that harmonizes conventions across many packages.
Nixpkgs doesn't include the packaged software source code, so it's a lot more practical than what Debian is doing.
https://github.com/NixOS/nixpkgs
-
From xz to ibus: more questionable tarballs
In this specific case, nix uses fetchFromGitHub to download the source archive, which are generated by GitHub for the specified revision[1]. Arch seems to just download the tarball from the releases page[2].
[1]: https://github.com/NixOS/nixpkgs/blob/3c2fdd0a4e6396fc310a6e...
[2]: https://gitlab.archlinux.org/archlinux/packaging/packages/ib...
What are some alternatives?
doas - A port of OpenBSD's doas which runs on FreeBSD, Linux, NetBSD, and illumos
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
runas - An alternative to sudo and doas written in Rust
Home Manager using Nix - Manage a user environment using Nix [maintainer=@rycee]
bedrocklinux-userland - This tracks development for the things such as scripts and (defaults for) config files for Bedrock Linux
git-lfs - Git extension for versioning large files
tako - Run commands as another user
easyeffects - Limiter, compressor, convolver, equalizer and auto volume and many other plugins for PipeWire applications
koyo - Run commands as another user
spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.
asroot - [Feature complete] A simpler alternative to sudo and doas
waydroid - Waydroid uses a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu.