author | Sarah Brofeldt <sbrofeldt@gmail.com> | 2020-11-29 11:27:03 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-29 11:27:03 +0100 |
commit | a7a5f7904c4437d24574d4fb66f4b20e98c9a3a7 (patch) | |
tree | 8a91ecc14538b998af7d686b4940ba631141ccd0 /nixos/modules | |
parent | a5b56b6ae8e15e5151e57e524b9f990cafd97e37 (diff) | |
parent | 8f5949fd46c9ae3085e55cf3439cda2ee75b35d8 (diff) |
Merge pull request #99173 from johanot/fix-initrd-ssh-commands-test
nixos/initrd-ssh: set more defensive permissions on sshd test key
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/system/boot/initrd-ssh.nix | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix
index f7ef261037090..00ac83a189724 100644
--- a/nixos/modules/system/boot/initrd-ssh.nix
+++ b/nixos/modules/system/boot/initrd-ssh.nix
@@ -159,9 +159,14 @@ in
 boot.initrd.extraUtilsCommandsTest = ''
 # sshd requires a host key to check config, so we pass in the test's
+ tmpkey="$(mktemp initrd-ssh-testkey.XXXXXXXXXX)"
+ cp "${../../../tests/initrd-network-ssh/ssh_host_ed25519_key}" "$tmpkey"
+ # keys from Nix store are world-readable, which sshd doesn't like
+ chmod 600 "$tmpkey"
 echo -n ${escapeShellArg sshdConfig} | $out/bin/sshd -t -f /dev/stdin \
- -h ${../../../tests/initrd-network-ssh/ssh_host_ed25519_key}
+ -h "$tmpkey"
+ rm "$tmpkey"
 '';
 boot.initrd.network.postCommands = '' |
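Review bot: The closing `rm "$tmpkey"` in `boot.initrd.extraUtilsCommandsTest` is only reached when `sshd -t` succeeds, assuming this fragment runs under `set -e` (the builder that executes it is outside the hunk, so that is unconfirmed). On a failed config check the private-key copy would then be left behind in the working directory, where `mktemp` creates it because the template has no directory part. Cleaning up on both paths, for example ending the sshd line with `-h "$tmpkey" || { rm -f "$tmpkey"; exit 1; }` and using `rm -f "$tmpkey"` afterwards, avoids that without installing a trap that could collide with the enclosing script. The comment above the copy could also say what the file is, e.g. `# test-only host key from the repository; never use it as a real host key`, since it appears to be a private key kept in the source tree.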