public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #6842 from philandstuff/hash-owncloud-admin-password 

owncloud: don't store plaintext adminPassword in nix store
This commit is contained in:
lethalman 2015-03-17 12:59:58 +01:00
parent ccd693bb7c 7ad6dac43b
commit c91ccb4b9c
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/modules/services/web-servers/apache-httpd/owncloud.nix
View File

@ -384,8 +384,7 @@ rec {
};
adminPassword = mkOption {
description = "The admin password for accessing owncloud.
Warning: this is stored in cleartext in the Nix store!";
description = "The admin password for accessing owncloud.";
};
dbType = mkOption {
@ -571,7 +570,7 @@ rec {
chown wwwrun:wwwrun ${config.dataDir}/owncloud.log || true
QUERY="INSERT INTO groups (gid) values('admin'); INSERT INTO users (uid,password) values('${config.adminUser}','`echo -n "${config.adminPassword}" | ${pkgs.openssl}/bin/openssl dgst -sha1 | ${pkgs.gawk}/bin/awk '{print $2}'`'); INSERT INTO group_user (gid,uid) values('admin','${config.adminUser}');"
QUERY="INSERT INTO groups (gid) values('admin'); INSERT INTO users (uid,password) values('${config.adminUser}','${builtins.hashString "sha1" config.adminPassword}'); INSERT INTO group_user (gid,uid) values('admin','${config.adminUser}');"
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -h "/tmp" -U postgres -d ${config.dbName} -Atw -c "$QUERY" || true
'';
}