From d1ce5c501eda57fa2d66301b9eab245129b3a253 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sun, 22 Dec 2024 15:35:41 +0100 Subject: [PATCH] nixos/tests/systemd-sysusers-password-option-override-ordering: clarify SetCredential check It was kinda weird to assert that the clear-text password was in the unit when the hashed password was the effective one. This change makes it explicit that both are in there and the latter takes precedence. (cherry picked from commit da2c826e1afe3ad1cfbc394dcd411bab2206ae78) --- .../systemd-sysusers-password-option-override-ordering.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/tests/systemd-sysusers-password-option-override-ordering.nix b/nixos/tests/systemd-sysusers-password-option-override-ordering.nix index 4cb13512549c7..4622459e77df3 100644 --- a/nixos/tests/systemd-sysusers-password-option-override-ordering.nix +++ b/nixos/tests/systemd-sysusers-password-option-override-ordering.nix @@ -5,10 +5,8 @@ }: let password = "test"; - password1 = "test1"; hashedPassword = "$y$j9T$wLgKY231.8j.ciV2MfEXe1$P0k5j3bCwHgnwW0Ive3w4knrgpiA4TzhCYLAnHvDZ51"; # test hashedPassword1 = "$y$j9T$s8TyQJtNImvobhGM5Nlez0$3E8/O8EVGuA4sr1OQmrzi8GrRcy/AEhj454JjAn72A2"; # test - hashed_sha512crypt = "$6$ymzs8WINZ5wGwQcV$VC2S0cQiX8NVukOLymysTPn4v1zJoJp3NGyhnqyv/dAf4NWZsBWYveQcj6gEJr4ZUjRBRjM0Pj1L8TCQ8hUUp0"; # meow hashedPasswordFile = pkgs.writeText "hashed-password" hashedPassword1; in @@ -57,7 +55,9 @@ in with subtest("systemd-sysusers.service contains the credentials"): sysusers_service = machine.succeed("systemctl cat systemd-sysusers.service") print(sysusers_service) + # Both are in the unit, but the hashed password takes precedence as shown below. assert "SetCredential=passwd.plaintext-password.alice:${password}" in sysusers_service + assert "SetCredential=passwd.hashed-password.alice:${hashedPassword}" in sysusers_service with subtest("Correct mode on the password files"): assert machine.succeed("stat -c '%a' /etc/passwd") == "644\n"