author | Maximilian Bosch <maximilian@mbosch.me> | 2023-09-27 22:59:13 +0200 |
---|---|---|
committer | Yt <happysalada@tuta.io> | 2023-09-28 00:11:31 +0000 |
commit | e515dce8924197fceb090d9ba46cbb926a5784eb (patch) | |
tree | c113993801ffb87cf7c73cb34df69aa2c184e728 /nixos | |
parent | 248a83fffc10b627da67fa6b25d2c13fc7542628 (diff) | |
nixos/sshd: fix sshd.conf validity check
When using e.g. `{ addr = "[::]"; port = 22; }` at `listenAddresses`, the check fails because of an escaping issue[1] with

    last 1 log lines:
    > Invalid test mode specification -f
    For full logs, run 'nix log /nix/store/c6pbpw5hjkjgipmarwyic9zyqr1xaix5-check-sshd-config.drv'

Using `lib.escapeShellArg` appears to solve the problem.

[1] https://github.com/NixOS/nixpkgs/pull/256090#issuecomment-1738063528
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 2 | ||||
-rw-r--r-- | nixos/tests/openssh.nix | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index bf2f5230c738..327d19daca30 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -583,7 +583,7 @@ in
 (lport: "sshd -G -T -C lport=${toString lport} -f ${sshconf} > /dev/null")
 cfg.ports}
 ${concatMapStringsSep "\n"
- (la: "sshd -G -T -C laddr=${la.addr},lport=${toString la.port} -f ${sshconf} > /dev/null")
+ (la: "sshd -G -T -C ${escapeShellArg "laddr=${la.addr},lport=${toString la.port}"} -f ${sshconf} > /dev/null")
 cfg.listenAddresses}
 touch $out
 '')
diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix
index d771ffd3e0f7..e88625678fec 100644
--- a/nixos/tests/openssh.nix
+++ b/nixos/tests/openssh.nix
@@ -57,7 +57,7 @@ in {
 {
 services.openssh = {
- enable = true; listenAddresses = [ { addr = "127.0.0.1"; port = 22; } ];
+ enable = true; listenAddresses = [ { addr = "127.0.0.1"; port = 22; } { addr = "[::]"; port = 22; } ];
 extraConfig = ''
 # Combined test for two (predictable) Match criterias
 Match LocalAddress 127.0.0.1 LocalPort 22 |
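Review bot: The newly quoted `-C` argument in the `cfg.listenAddresses` lambda carries no comment saying why it is escaped, while the `cfg.ports` line directly above it and `-f ${sshconf}` stay unquoted, so a later cleanup could easily drop the quoting again. Going by the commit message, an address such as `[::]` was mangled by the build shell (presumably treated as a glob pattern) before sshd saw it; I would record that with a Nix comment above the lambda, e.g. `# escapeShellArg: addresses like "[::]" contain shell metacharacters and must reach sshd verbatim`. Since `la.addr` looks like a free-form string that ends up in a generated shell script, the quoting is also what makes a malformed address get rejected by sshd instead of being interpreted by the shell. For consistency the `lport=` spec on the ports line could go through `escapeShellArg` as well, although an integer port is not expected to need it. The enclosing expression starts and ends outside the hunk.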