pyrox.dev
Merge pull request #99173 from johanot/fix-initrd-ssh-commands-test
nixos/initrd-ssh: set more defensive pemissions on sshd test key
authored by
Sarah Brofeldt
and committed by
GitHub
a7a5f790
a5b56b6a
+6
-1
nixos/modules/system/boot/initrd-ssh.nix
+6
-1
nixos/modules/system/boot/initrd-ssh.nix
···
159
159
160
160
boot.initrd.extraUtilsCommandsTest = ''
161
161
# sshd requires a host key to check config, so we pass in the test's
162
+
tmpkey="$(mktemp initrd-ssh-testkey.XXXXXXXXXX)"
163
+
cp "${../../../tests/initrd-network-ssh/ssh_host_ed25519_key}" "$tmpkey"
164
+
# keys from Nix store are world-readable, which sshd doesn't like
165
+
chmod 600 "$tmpkey"
162
166
echo -n ${escapeShellArg sshdConfig} |
163
167
$out/bin/sshd -t -f /dev/stdin \
164
-
-h ${../../../tests/initrd-network-ssh/ssh_host_ed25519_key}
168
+
-h "$tmpkey"
169
+
rm "$tmpkey"
165
170
'';
166
171
167
172
boot.initrd.network.postCommands = ''