Rebuild password update functionality, add tests

2025-04-13 18:57:37 +00:00 · 2024-11-28 13:47:45 +01:00 · 2024-11-28 13:47:45 +01:00 · f5080d12b3
commit f5080d12b3
parent 9a524549d6
2 changed files with 36 additions and 31 deletions
--- a/nixos/modules/installer/netboot/netboot.nix
+++ b/nixos/modules/installer/netboot/netboot.nix
@ -131,33 +131,30 @@ with lib;

    boot.loader.timeout = 10;

-    boot.postBootCommands =
-      ''
-        # After booting, register the contents of the Nix store
-        # in the Nix database in the tmpfs.
-        ${config.nix.package}/bin/nix-store --load-db < /nix/store/nix-path-registration
+    boot.postBootCommands = ''
+      # After booting, register the contents of the Nix store
+      # in the Nix database in the tmpfs.
+      ${config.nix.package}/bin/nix-store --load-db < /nix/store/nix-path-registration

-        # nixos-rebuild also requires a "system" profile and an
-        # /etc/NIXOS tag.
-        touch /etc/NIXOS
-        ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
-
-        # Set password for user nixos if specified on cmdline
-        # Allows using nixos-anywhere in headless environments
-        for o in $(</proc/cmdline); do
-          case "$o" in
-            live.nixos.passwordHash=*)
-              set -- $(IFS==; echo $o)
-              sed -i "s/nixos::/nixos:$2:/" /etc/shadow
-              ;;
-            live.nixos.password=*)
-              set -- $(IFS==; echo $o)
-              sed -i "s/nixos::/nixos:$(echo $2 | mkpasswd -m sha-512 -s):/" /etc/shadow
-              ;;
-          esac
-        done
-      '';
+      # nixos-rebuild also requires a "system" profile and an
+      # /etc/NIXOS tag.
+      touch /etc/NIXOS
+      ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system

+      # Set password for user nixos if specified on cmdline
+      # Allows using nixos-anywhere in headless environments
+      for o in $(</proc/cmdline); do
+        case "$o" in
+          live.nixos.passwordHash=*)
+            set -- $(IFS==; echo $o)
+            ${pkgs.gnugrep}/bin/grep -q "root::" /etc/shadow && ${pkgs.shadow}/bin/usermod -p "$2" root
+            ;;
+          live.nixos.password=*)
+            set -- $(IFS==; echo $o)
+            ${pkgs.gnugrep}/bin/grep -q "root::" /etc/shadow && echo "root:$2" | ${pkgs.shadow}/bin/chpasswd
+            ;;
+        esac
+      done
+    '';
  };
-
 }
--- a/nixos/tests/boot.nix
+++ b/nixos/tests/boot.nix
@ -85,11 +85,19 @@ let
    let
      config = (import ../lib/eval-config.nix {
          inherit system;
-          modules =
-            [ ../modules/installer/netboot/netboot.nix
-              ../modules/testing/test-instrumentation.nix
-              { key = "serial"; }
-            ];
+          modules = [
+            ../modules/installer/netboot/netboot.nix
+            ../modules/testing/test-instrumentation.nix
+            {
+              boot.kernelParams = [
+                "serial"
+                "live.nixos.passwordHash=$6$jnwR50SkbLYEq/Vp$wmggwioAkfmwuYqd5hIfatZWS/bO6hewzNIwIrWcgdh7k/fhUzZT29Vil3ioMo94sdji/nipbzwEpxecLZw0d0" # "password"
+              ];
+            }
+            {
+              key = "serial";
+            }
+          ];
        }).config;
      ipxeBootDir = pkgs.symlinkJoin {
        name = "ipxeBootDir";