Merge pull request #89951 from KoviRobi/nixos-user-name-not-attr-name

nixos/users-groups: Use user name not attribute name for /etc/profiles/…
This commit is contained in:
Lassulus 2021-04-05 13:52:25 +02:00 committed by GitHub
commit e2080b39e6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -593,8 +593,8 @@ in {
# password or an SSH authorized key. Privileged accounts are
# root and users in the wheel group.
assertion = !cfg.mutableUsers ->
any id ((mapAttrsToList (name: cfg:
(name == "root"
any id ((mapAttrsToList (_: cfg:
(cfg.name == "root"
|| cfg.group == "wheel"
|| elem "wheel" cfg.extraGroups)
&&
@ -615,16 +615,16 @@ in {
assertion = (user.hashedPassword != null)
-> (builtins.match ".*:.*" user.hashedPassword == null);
message = ''
The password hash of user "${name}" contains a ":" character.
The password hash of user "${user.name}" contains a ":" character.
This is invalid and would break the login system because the fields
of /etc/shadow (file where hashes are stored) are colon-separated.
Please check the value of option `users.users."${name}".hashedPassword`.'';
Please check the value of option `users.users."${user.name}".hashedPassword`.'';
}
);
warnings =
builtins.filter (x: x != null) (
flip mapAttrsToList cfg.users (name: user:
flip mapAttrsToList cfg.users (_: user:
# This regex matches a subset of the Modular Crypto Format (MCF)[1]
# informal standard. Since this depends largely on the OS or the
# specific implementation of crypt(3) we only support the (sane)
@ -647,9 +647,9 @@ in {
&& user.hashedPassword != "" # login without password
&& builtins.match mcf user.hashedPassword == null)
then ''
The password hash of user "${name}" may be invalid. You must set a
The password hash of user "${user.name}" may be invalid. You must set a
valid hash or the user will be locked out of their account. Please
check the value of option `users.users."${name}".hashedPassword`.''
check the value of option `users.users."${user.name}".hashedPassword`.''
else null
));