public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #99173 from johanot/fix-initrd-ssh-commands-test

Browse Source 
nixos/initrd-ssh: set more defensive pemissions on sshd test key
This commit is contained in:
Sarah Brofeldt 2020-11-29 11:27:03 +01:00 committed by GitHub
commit a7a5f7904c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/modules/system/boot/initrd-ssh.nix
View File

@ -159,9 +159,14 @@ in
boot.initrd.extraUtilsCommandsTest = '' boot.initrd.extraUtilsCommandsTest = ''
# sshd requires a host key to check config, so we pass in the test's # sshd requires a host key to check config, so we pass in the test's
tmpkey="$(mktemp initrd-ssh-testkey.XXXXXXXXXX)"
cp "${../../../tests/initrd-network-ssh/ssh_host_ed25519_key}" "$tmpkey"
# keys from Nix store are world-readable, which sshd doesn't like
chmod 600 "$tmpkey"
echo -n ${escapeShellArg sshdConfig} | echo -n ${escapeShellArg sshdConfig} |
$out/bin/sshd -t -f /dev/stdin \ $out/bin/sshd -t -f /dev/stdin \
-h ${../../../tests/initrd-network-ssh/ssh_host_ed25519_key} -h "$tmpkey"
rm "$tmpkey"
''; '';
boot.initrd.network.postCommands = '' boot.initrd.network.postCommands = ''