gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixosTests.password-option-override-ordering: fix build by removing crypt

Browse Source 
This fixed the build failure of this test.
Python module crypt has been removed since python 3.13.
This PR uses `mkpasswd` to generate the same password for testing.
I have changed the name of the assert_password_match to indicate that
this only woks for sha512crypt algorithm.
This commit is contained in:
Shogo Takata
2025-11-09 12:40:24 -08:00
parent a1b044ba52
commit 8456f8a8cb
1 changed files with 7 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
nixos/tests/password-option-override-ordering.nix
View File

@@ -103,18 +103,17 @@ in
}; };
testScript = '' testScript = ''
import crypt def assert_password_sha512crypt_match(machine, username, password):
def assert_password_match(machine, username, password):
shadow_entry = machine.succeed(f"getent shadow {username}") shadow_entry = machine.succeed(f"getent shadow {username}")
print(shadow_entry) print(shadow_entry)
hash = shadow_entry.split(":")[1] stored_hash = shadow_entry.split(":")[1]
seed = "$".join(hash.split("$")[:-1]) salt = stored_hash.split("$")[2]
assert crypt.crypt(password, seed) == hash, f"{username} user password does not match" pass_hash = machine.succeed(f"mkpasswd -m sha512crypt {password} {salt}").strip()
assert stored_hash == pass_hash, f"{username} user password does not match"
with subtest("alice user has correct password"): with subtest("alice user has correct password"):
for machine in machines: for machine in machines:
assert_password_match(machine, "alice", "${password1}") assert_password_sha512crypt_match(machine, "alice", "${password1}")
assert "${hashed_sha512crypt}" not in machine.succeed("getent shadow alice"), f"{machine}: alice user password is not correct" assert "${hashed_sha512crypt}" not in machine.succeed("getent shadow alice"), f"{machine}: alice user password is not correct"
with subtest("bob user has correct password"): with subtest("bob user has correct password"):
@@ -136,7 +135,7 @@ in
print(mutable.succeed("getent shadow greg")) print(mutable.succeed("getent shadow greg"))
assert "${hashed_sha512crypt}" in mutable.succeed("getent shadow greg"), "greg user password is not correct" assert "${hashed_sha512crypt}" in mutable.succeed("getent shadow greg"), "greg user password is not correct"
assert_password_match(immutable, "greg", "${password1}") assert_password_sha512crypt_match(immutable, "greg", "${password1}")
assert "${hashed_sha512crypt}" not in immutable.succeed("getent shadow greg"), "greg user password is not correct" assert "${hashed_sha512crypt}" not in immutable.succeed("getent shadow greg"), "greg user password is not correct"
for machine in machines: for machine in machines: