public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #89951 from KoviRobi/nixos-user-name-not-attr-name

Browse Source 
nixos/users-groups: Use user name not attribute name for /etc/profiles/…
This commit is contained in:
Lassulus 2021-04-05 13:52:25 +02:00 committed by GitHub
commit e2080b39e6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/modules/config/users-groups.nix
View File

@ -593,8 +593,8 @@ in {
# password or an SSH authorized key. Privileged accounts are # password or an SSH authorized key. Privileged accounts are
# root and users in the wheel group. # root and users in the wheel group.
assertion = !cfg.mutableUsers -> assertion = !cfg.mutableUsers ->
any id ((mapAttrsToList (name: cfg: any id ((mapAttrsToList (_: cfg:
(name == "root" (cfg.name == "root"
|| cfg.group == "wheel" || cfg.group == "wheel"
|| elem "wheel" cfg.extraGroups) || elem "wheel" cfg.extraGroups)
&& &&
@ -615,16 +615,16 @@ in {
assertion = (user.hashedPassword != null) assertion = (user.hashedPassword != null)
-> (builtins.match ".*:.*" user.hashedPassword == null); -> (builtins.match ".*:.*" user.hashedPassword == null);
message = '' message = ''
The password hash of user "${name}" contains a ":" character. The password hash of user "${user.name}" contains a ":" character.
This is invalid and would break the login system because the fields This is invalid and would break the login system because the fields
of /etc/shadow (file where hashes are stored) are colon-separated. of /etc/shadow (file where hashes are stored) are colon-separated.
Please check the value of option `users.users."${name}".hashedPassword`.''; Please check the value of option `users.users."${user.name}".hashedPassword`.'';
} }
); );
warnings = warnings =
builtins.filter (x: x != null) ( builtins.filter (x: x != null) (
flip mapAttrsToList cfg.users (name: user: flip mapAttrsToList cfg.users (_: user:
# This regex matches a subset of the Modular Crypto Format (MCF)[1] # This regex matches a subset of the Modular Crypto Format (MCF)[1]
# informal standard. Since this depends largely on the OS or the # informal standard. Since this depends largely on the OS or the
# specific implementation of crypt(3) we only support the (sane) # specific implementation of crypt(3) we only support the (sane)
@ -647,9 +647,9 @@ in {
&& user.hashedPassword != "" # login without password && user.hashedPassword != "" # login without password
&& builtins.match mcf user.hashedPassword == null) && builtins.match mcf user.hashedPassword == null)
then '' then ''
The password hash of user "${name}" may be invalid. You must set a The password hash of user "${user.name}" may be invalid. You must set a
valid hash or the user will be locked out of their account. Please valid hash or the user will be locked out of their account. Please
check the value of option `users.users."${name}".hashedPassword`.'' check the value of option `users.users."${user.name}".hashedPassword`.''
else null else null
)); ));