From 6b9ee3067214f5bebbc0560ee066683fb18337b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?=
Date: Tue, 12 Sep 2017 10:44:21 +0200
Subject: [PATCH] nixos/gitolite: don't leak nix store hash into gitolite-admin username/key

It doesn't look good when the initial admin user is named "-gitolite-admin" and the key stored as "-gitolite-admin.pub". Instead, make it simply "gitolite-admin" and "gitolite-admin.pub".
---
 nixos/modules/services/misc/gitolite.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/misc/gitolite.nix b/nixos/modules/services/misc/gitolite.nix
index 3b65bbab571..60fc9d58ed0 100644
--- a/nixos/modules/services/misc/gitolite.nix
+++ b/nixos/modules/services/misc/gitolite.nix
@@ -4,7 +4,8 @@ with lib;
 let
 cfg = config.services.gitolite;
- pubkeyFile = pkgs.writeText "gitolite-admin.pub" cfg.adminPubkey;
+ # Use writeTextDir to not leak Nix store hash into file name
+ pubkeyFile = (pkgs.writeTextDir "gitolite-admin.pub" cfg.adminPubkey) + "/gitolite-admin.pub";
 hooks = lib.concatMapStrings (hook: "${hook} ") cfg.commonHooks;
 in
 {
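Review bot: The file name `gitolite-admin.pub` is now spelled out in two literals on the new `pubkeyFile` line, and if they ever drift apart the resulting path names a file that is not in the store directory; binding it once, e.g. `adminKeyName = "gitolite-admin.pub";` followed by `pubkeyFile = "${pkgs.writeTextDir adminKeyName cfg.adminPubkey}/${adminKeyName}";`, removes that coupling. The added comment could also state why the name matters, for example `# gitolite takes the admin user name from the key file's basename, so the store hash must not be part of it`. How `pubkeyFile` is consumed lies outside this hunk, but if the key is only registered on first initialisation, existing installations presumably keep the hash-prefixed admin entry and its key, so the admin repository's keydir and access rules are worth auditing after the upgrade. The module body that follows the opening `{` continues past the end of the hunk.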