initrd-ssh: allow empty hostKeys #197382

Merged
merged 1 commit into from Dec 4, 2022
Member

@phaer phaer commented Oct 23, 2022

This allows users to optionally allow empty host keys for initrd sshd. The original assertion seems to originate in the switch from dropbear to openssh about 3 years ago and makes it impossible to use sshd in your initrd without providing keys at build time. This would be useful for people like me who'd like to optionally generate one or provide them via oob mechanisms.


@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review/3032/1309

@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-already-reviewed/2617/672

Contributor

@ck3d ck3d left a comment

LGTM

Member

@RaitoBezarius RaitoBezarius left a comment

I would be in favor of:

  • an option ignoreEmptyHostKeys
  • keep the assert and use that flag to override it
  • no warning if ignoreEmptyHostKeys is explicitly set

But I have no strong opinion on this.

@phaer
Member Author

phaer commented Dec 3, 2022

@RaitoBezarius Thanks for your input! I agree that's a better design and just changed this PR to implement your recommendation instead.

@RaitoBezarius RaitoBezarius merged commit e1185ea into NixOS:master Dec 4, 2022
@phaer phaer deleted the patch-4 branch December 4, 2022 14:40
phaer added a commit to dep-sys/nix-dabei that referenced this pull request Dec 5, 2022
- rebased on master
- NixOS/nixpkgs#197382 has been merged.