Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 4edbd027e23f
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: eb7c11d55244
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on May 24, 2019

  1. nixos/sshd: validate ssh configs during build 

    With `sshd -t` config validation for SSH is possible. Until now, the
config generated by Nix was applied without any validation (which is
especially a problem for advanced config like `Match` blocks).

When deploying broken ssh config with nixops to a remote machine it gets
even harder to fix the problem due to the broken ssh that makes reverts
with nixops impossible.

This change performs the validation in a Nix build environment by
creating a store path with the config and generating a mocked host key
which seems to be needed for the validation. With a broken config, the
deployment already fails during the build of the derivation.

The original attempt was done in #56345 by adding a submodule for Match
groups to make it harder screwing that up, however that made the module
far more complex and config should be described in an easier way as
described in NixOS/rfcs#42.
    @Ma27
    Ma27 committed May 24, 2019
    Copy the full SHA
    00a5222 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #58718 from Ma27/validate-ssh-configs 

    nixos/sshd: validate ssh configs during build
    @fpletz
    fpletz committed May 24, 2019
    Copy the full SHA
    eb7c11d View commit details
    Browse the repository at this point in the history