diff options
Diffstat (limited to 'nixpkgs/nixos/modules/config')
| -rw-r--r-- | nixpkgs/nixos/modules/config/i18n.nix | 3 | ||||
| -rw-r--r-- | nixpkgs/nixos/modules/config/system-path.nix | 5 | ||||
| -rw-r--r-- | nixpkgs/nixos/modules/config/users-groups.nix | 32 |
3 files changed, 36 insertions, 4 deletions
diff --git a/nixpkgs/nixos/modules/config/i18n.nix b/nixpkgs/nixos/modules/config/i18n.nix index cc2ddda9d32f..feb76581a720 100644 --- a/nixpkgs/nixos/modules/config/i18n.nix +++ b/nixpkgs/nixos/modules/config/i18n.nix @@ -68,7 +68,8 @@ with lib; config = { environment.systemPackages = - optional (config.i18n.supportedLocales != []) config.i18n.glibcLocales; + # We increase the priority a little, so that plain glibc in systemPackages can't win. + optional (config.i18n.supportedLocales != []) (lib.setPrio (-1) config.i18n.glibcLocales); environment.sessionVariables = { LANG = config.i18n.defaultLocale; diff --git a/nixpkgs/nixos/modules/config/system-path.nix b/nixpkgs/nixos/modules/config/system-path.nix index 4100ec897016..ae9710e3518b 100644 --- a/nixpkgs/nixos/modules/config/system-path.nix +++ b/nixpkgs/nixos/modules/config/system-path.nix @@ -8,8 +8,7 @@ with lib; let requiredPackages = map (pkg: setPrio ((pkg.meta.priority or 5) + 3) pkg) - [ config.nix.package - pkgs.acl + [ pkgs.acl pkgs.attr pkgs.bashInteractive # bash with ncurses support pkgs.bzip2 @@ -33,7 +32,6 @@ let pkgs.nano pkgs.ncurses pkgs.netcat - pkgs.nix-info config.programs.ssh.package pkgs.perl pkgs.procps @@ -43,6 +41,7 @@ let pkgs.time pkgs.utillinux pkgs.which # 88K size + pkgs.zstd ]; in diff --git a/nixpkgs/nixos/modules/config/users-groups.nix b/nixpkgs/nixos/modules/config/users-groups.nix index 141e43fec39b..7fbbfcec7510 100644 --- a/nixpkgs/nixos/modules/config/users-groups.nix +++ b/nixpkgs/nixos/modules/config/users-groups.nix @@ -600,6 +600,38 @@ in { } ]; + warnings = + builtins.filter (x: x != null) ( + flip mapAttrsToList cfg.users (name: user: + # This regex matches a subset of the Modular Crypto Format (MCF)[1] + # informal standard. Since this depends largely on the OS or the + # specific implementation of crypt(3) we only support the (sane) + # schemes implemented by glibc and BSDs. In particular the original + # DES hash is excluded since, having no structure, it would validate + # common mistakes like typing the plaintext password. + # + # [1]: https://en.wikipedia.org/wiki/Crypt_(C) + let + sep = "\\$"; + base64 = "[a-zA-Z0-9./]+"; + id = "[a-z0-9-]+"; + value = "[a-zA-Z0-9/+.-]+"; + options = "${id}(=${value})?(,${id}=${value})*"; + scheme = "${id}(${sep}${options})?"; + content = "${base64}${sep}${base64}"; + mcf = "^${sep}${scheme}${sep}${content}$"; + in + if (user.hashedPassword != null + && builtins.match mcf user.hashedPassword == null) + then + '' + The password hash of user "${name}" may be invalid. You must set a + valid hash or the user will be locked out of his account. Please + check the value of option `users.users."${name}".hashedPassword`. + '' + else null + )); + }; } |