diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2024-02-17 00:02:47 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-17 00:02:47 +0000 |
commit | daaa4e1653d22f0191a43061197d4339137c43b5 (patch) | |
tree | e37107418d864137ca3a26b30eaf4fab02454a45 /nixos/modules/config | |
parent | 6d90f723884252ac86f2bb5b744a265e9cb3193d (diff) | |
parent | bf4c9c5a86bb21d4a8797769a7a93f8193b984da (diff) | |
download | nixlib-daaa4e1653d22f0191a43061197d4339137c43b5.tar nixlib-daaa4e1653d22f0191a43061197d4339137c43b5.tar.gz nixlib-daaa4e1653d22f0191a43061197d4339137c43b5.tar.bz2 nixlib-daaa4e1653d22f0191a43061197d4339137c43b5.tar.lz nixlib-daaa4e1653d22f0191a43061197d4339137c43b5.tar.xz nixlib-daaa4e1653d22f0191a43061197d4339137c43b5.tar.zst nixlib-daaa4e1653d22f0191a43061197d4339137c43b5.zip |
Merge staging-next into staging
Diffstat (limited to 'nixos/modules/config')
-rw-r--r-- | nixos/modules/config/users-groups.nix | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 967ad0846d75..dd34771c0b42 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -649,7 +649,6 @@ in { home = "/root"; shell = mkDefault cfg.defaultUserShell; group = "root"; - initialHashedPassword = mkDefault "!"; }; nobody = { uid = ids.uids.nobody; @@ -897,7 +896,26 @@ in { )); warnings = - builtins.filter (x: x != null) ( + flip concatMap (attrValues cfg.users) (user: let + unambiguousPasswordConfiguration = 1 >= length (filter (x: x != null) ([ + user.hashedPassword + user.hashedPasswordFile + user.password + ] ++ optionals cfg.mutableUsers [ + # For immutable users, initialHashedPassword is set to hashedPassword, + # so using these options would always trigger the assertion. + user.initialHashedPassword + user.initialPassword + ])); + in optional (!unambiguousPasswordConfiguration) '' + The user '${user.name}' has multiple of the options + `hashedPassword`, `password`, `hashedPasswordFile`, `initialPassword` + & `initialHashedPassword` set to a non-null value. + The options silently discard others by the order of precedence + given above which can lead to surprising results. To resolve this warning, + set at most one of the options above to a non-`null` value. + '') + ++ builtins.filter (x: x != null) ( flip mapAttrsToList cfg.users (_: user: # This regex matches a subset of the Modular Crypto Format (MCF)[1] # informal standard. Since this depends largely on the OS or the |