Merge pull request #181197 from bjornfor/fix-ddclient-password-leak

authored by

Sandro and committed by
GitHub
78fff7ed 7df109ca

+3 -4
+3 -4
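--- a/nixos/modules/services/networking/ddclient.nix
+++ b/nixos/modules/services/networking/ddclient.nix
@@ -13,7 +13,7 @@
 foreground=YES
 use=${cfg.use}
 login=${cfg.username}
-password=${lib.optionalString (cfg.protocol == "nsupdate") "/run/${RuntimeDirectory}/ddclient.key"}
+password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"}
 protocol=${cfg.protocol}
 ${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
 ${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
@@ -33,9 +33,8 @@
 ${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
 install ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
 '' else if (cfg.passwordFile != null) then ''
-password=$(printf "%q" "$(head -n 1 "${cfg.passwordFile}")")
-sed -i "s|^password=$|password=$password|" /run/${RuntimeDirectory}/ddclient.conf
+"${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf"
 '' else ''
-sed -i '/^password=$/d' /run/${RuntimeDirectory}/ddclient.conf
+sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf
 '')}
 '';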
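Review bot: The `replace-secret` call at new line 36 no longer constrains what the password file contributes, and that narrowing of accepted input is not documented. The removed lines took only the first line of the file (`head -n 1`) and quoted it with `printf "%q"`, whereas the new call substitutes the file's content for `@password_placeholder@` as-is. How replace-secret treats extra lines, or characters that ddclient's config parser handles specially, is not visible in this hunk. If it inserts them verbatim, a multi-line file would add further lines to `ddclient.conf`. I would state the contract next to the call, for example `# passwordFile is inserted verbatim: it must hold only the password, on a single line`, and repeat it in the `passwordFile` option description. The config template and the preStart script both start and end outside the lines shown.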