Merge pull request #99173 from johanot/fix-initrd-ssh-commands-test

nixos/initrd-ssh: set more defensive permissions on sshd test key

authored by

Sarah Brofeldt and committed by
GitHub
a7a5f790 a5b56b6a

+6 -1
+6 -1
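--- a/nixos/modules/system/boot/initrd-ssh.nix
+++ b/nixos/modules/system/boot/initrd-ssh.nix
@@ -159,9 +159,14 @@
 
 boot.initrd.extraUtilsCommandsTest = ''
 # sshd requires a host key to check config, so we pass in the test's
+tmpkey="$(mktemp initrd-ssh-testkey.XXXXXXXXXX)"
+cp "${../../../tests/initrd-network-ssh/ssh_host_ed25519_key}" "$tmpkey"
+# keys from Nix store are world-readable, which sshd doesn't like
+chmod 600 "$tmpkey"
 echo -n ${escapeShellArg sshdConfig} |
 $out/bin/sshd -t -f /dev/stdin \
--h ${../../../tests/initrd-network-ssh/ssh_host_ed25519_key}
+-h "$tmpkey"
+rm "$tmpkey"
 '';
 
 boot.initrd.network.postCommands = ''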
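Review bot: The comment added above `chmod 600 "$tmpkey"` explains why sshd rejects the store path, but not that the key is still not secret: the store copy behind `${../../../tests/initrd-network-ssh/ssh_host_ed25519_key}` stays world-readable, so the chmod only satisfies sshd's private-key permission check. I would extend it to something like `# test-only key: the store copy stays world-readable; chmod is only to pass sshd's key permission check`, so nobody reads this as a pattern for real host keys. Separately, if this fragment runs under errexit (not visible in the hunk), `rm "$tmpkey"` is skipped whenever `sshd -t` fails. The `mktemp` template also has no directory part, so the leftover copy would sit in the current working directory; capturing the sshd exit status, running `rm -f "$tmpkey"`, and then propagating the status would clean up on both paths.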