author | Jules Aguillon <jules@j3s.fr> | 2022-01-18 21:56:14 +0100 |
---|---|---|
committer | Jules Aguillon <jules@j3s.fr> | 2022-01-18 22:06:34 +0100 |
commit | df590070b007b2cd2f64647b2780c903506aa21f (patch) | |
tree | f6ee397d2006faabbf778ad54cae355e4b6ddeed /nixos | |
parent | 0f9d1064e72bcc5b9a9ed2f23a75e9a7f1abe951 (diff) | |
types.singleLineStr: strings that don't contain '\n'
Add a new type, inheriting 'types.str' but checking that the value doesn't contain any newline characters. The motivation comes from a problem with the 'users.users.${u}.openssh.authorizedKeys' option. It is easy to unintentionally insert a newline character at the end of a string, or even in the middle, for example: restricted_ssh_keys = command: keys: let prefix = '' command="${command}",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding ''; in map (key: "${prefix} ${key}") keys; The 'prefix' string ends with a newline, which ends up in the middle of a key entry after a few manipulations. This is problematic because the key file is built by concatenating all the keys with 'concatStringsSep "\n"', which results in two entries for the faulty key: '' command="...",options... MY_KEY '' This is hard to debug and might be dangerous. This is now caught at build time.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 004b4f99670..52a1982b3f0 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -30,7 +30,7 @@ let
 options.openssh.authorizedKeys = {
 keys = mkOption {
- type = types.listOf types.str;
+ type = types.listOf types.singleLineStr;
 default = [];
 description = ''
 A list of verbatim OpenSSH public keys that should be added to the |
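Review bot: The `description` of `keys` still reads only "A list of verbatim OpenSSH public keys", so the single-line requirement that `types.singleLineStr` now enforces is not documented where users look when evaluation fails. I would add a sentence to the description such as `Each entry must be a single line: an embedded newline splits it into two authorized_keys entries and separates the options prefix (e.g. command="...") from its key.` The definition of `singleLineStr` is outside this view (the diffstat is limited to 'nixos'), so whether it also rejects `\r` or tolerates a trailing newline cannot be confirmed from here and is worth checking. The `mkOption` block continues past the end of the hunk.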