Merge branch 'nixos-unstable' of https://github.com/NixOS/nixpkgs

Conflicts:
	nixpkgs/nixos/modules/config/console.nix
	nixpkgs/nixos/modules/services/mail/mailman.nix
	nixpkgs/nixos/modules/services/mail/public-inbox.nix
	nixpkgs/nixos/modules/services/mail/rss2email.nix
	nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
	nixpkgs/pkgs/applications/networking/instant-messengers/dino/default.nix
	nixpkgs/pkgs/applications/networking/irc/weechat/default.nix
	nixpkgs/pkgs/applications/window-managers/sway/default.nix
	nixpkgs/pkgs/build-support/go/module.nix
	nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix
	nixpkgs/pkgs/development/interpreters/python/default.nix
	nixpkgs/pkgs/development/node-packages/overrides.nix
	nixpkgs/pkgs/development/tools/b4/default.nix
	nixpkgs/pkgs/servers/dict/dictd-db.nix
	nixpkgs/pkgs/servers/mail/public-inbox/default.nix
	nixpkgs/pkgs/tools/security/pinentry/default.nix
	nixpkgs/pkgs/tools/text/unoconv/default.nix
	nixpkgs/pkgs/top-level/all-packages.nix

1 files changed, 70 insertions, 0 deletions

diff --git a/nixpkgs/pkgs/development/libraries/libxcrypt/check_passthru_matches.py b/nixpkgs/pkgs/development/libraries/libxcrypt/check_passthru_matches.py
new file mode 100644
index 000000000000..ebe728e9a69b
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libxcrypt/check_passthru_matches.py
@@ -0,0 +1,70 @@
+import tarfile
+import sys
+
+
+def process_columns(line: list[str]) -> tuple[str, list[str]]:
+    match line:
+        case [name, h_prefix, nrbytes, flags]:
+            return (h_prefix, flags.lower().split(","))
+        case other:
+            raise Exception("Unsupported hashes.conf line format", other)
+
+
+def find_tar_file(tar: tarfile.TarFile, requested_name: str):
+    """Attempts to find a single file with given name in tarball."""
+    all_names = tar.getnames()
+
+    if requested_name in all_names:
+        return requested_name
+
+    requested_suffix = f"/{requested_name}"
+    candidate_names = [name for name in all_names if name.endswith(requested_suffix)]
+    match candidate_names:
+        case [real_name]:
+            return real_name
+        case other:
+            raise KeyError(
+                f"Could not locate a single {requested_name} in the contents of the tarball."
+            )
+
+
+hashes_path = "lib/hashes.conf"
+
+
+def main() -> None:
+    match sys.argv:
+        case [_name, src, enable_hashes, "--", *enabled_crypt_scheme_ids]:
+            pass
+        case other:
+            raise Exception(
+                "Incorrect number of arguments. Usage: check_passthru_matches.py <src> <enable_hashes> -- <enabled_crypt_scheme_ids...>"
+            )
+
+    with tarfile.open(src, "r") as tar:
+        real_hashes_path = find_tar_file(tar, hashes_path)
+        config = tar.extractfile(real_hashes_path).read().decode("utf-8")
+
+    formats = [
+        process_columns(columns)
+        for line in config.splitlines()
+        if not line.startswith("#") and len(columns := line.split()) > 0
+    ]
+    expected_supported_formats = set(
+        prefix
+        for (prefix, flags) in formats
+        if enable_hashes in flags or enable_hashes == "all"
+    )
+    passthru_supported_schemes = set(
+        f"${scheme}$" for scheme in enabled_crypt_scheme_ids
+    )
+
+    assert (
+        len(expected_supported_formats - passthru_supported_schemes) == 0
+    ), f"libxcrypt package enables the following crypt schemes that are not listed in passthru.enabledCryptSchemeIds: {expected_supported_formats - passthru_supported_schemes}"
+    assert (
+        len(passthru_supported_schemes - expected_supported_formats) == 0
+    ), f"libxcrypt package lists the following crypt schemes in passthru.enabledCryptSchemeIds that are not supported: {passthru_supported_schemes - expected_supported_formats}"
+
+
+if __name__ == "__main__":
+    main()