Loading pkgs/tools/networking/mailutils/default.nix +5 −1 Original line number Diff line number Diff line Loading @@ -23,6 +23,7 @@ , sasl , system-sendmail , libxcrypt , mkpasswd , pythonSupport ? true , guileSupport ? true Loading Loading @@ -79,6 +80,9 @@ stdenv.mkDerivation rec { url = "https://lists.gnu.org/archive/html/bug-mailutils/2020-11/txtiNjqcNpqOk.txt"; sha256 = "0ghzqb8qx2q8cffbvqzw19mivv7r5f16whplzhm7hdj0j2i6xf6s"; }) # https://github.com/NixOS/nixpkgs/issues/223967 # https://lists.gnu.org/archive/html/bug-mailutils/2023-04/msg00000.html ./don-t-use-descrypt-password-in-the-test-suite.patch ]; enableParallelBuilding = true; Loading @@ -94,7 +98,7 @@ stdenv.mkDerivation rec { ] ++ lib.optional (!pythonSupport) "--without-python" ++ lib.optional (!guileSupport) "--without-guile"; nativeCheckInputs = [ dejagnu ]; nativeCheckInputs = [ dejagnu mkpasswd ]; doCheck = !stdenv.isDarwin; # ERROR: All 46 tests were run, 46 failed unexpectedly. doInstallCheck = false; # fails Loading pkgs/tools/networking/mailutils/don-t-use-descrypt-password-in-the-test-suite.patch 0 → 100644 +59 −0 Original line number Diff line number Diff line From 59a1abfa7b339bccfc228f38cc791cdacf4010d4 Mon Sep 17 00:00:00 2001 From: Michal Sojka <michal.sojka@cvut.cz> Date: Sat, 1 Apr 2023 10:59:00 +0200 Subject: [PATCH] Don't use descrypt password in the test suite The descrypt method is not considered strong and some distributions (like NixOS) start compiling libxcrypt without it [1]. To start using different hash methods, it is not sufficient to replace the password hash in testsuite/etc/passwd.in, because differently hashed passwords contain '$' characters (e.g. $y$j9T$lP8UWS9GZ4zfeTVDpmtbr1$dVozXOvWQXLQyhWGX7YyW8TIQTg8EfQLUzYPp3WCWo9) and the test suite replaces '$'-starting strings with values of the corresponding variables. Since I've not found a way to escape dollars for TCL's subst function, we do not hardcode the passwd hash directly to the file, but generate it dynamically and replace it in the file via a variable. [1]: https://github.com/NixOS/nixpkgs/pull/220557 --- pop3d/testsuite/lib/pop3d.exp | 1 + testsuite/etc/passwd.in | 2 +- testsuite/lib/mailutils.exp | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pop3d/testsuite/lib/pop3d.exp b/pop3d/testsuite/lib/pop3d.exp index 930861d8a..3b67844d2 100644 --- a/pop3d/testsuite/lib/pop3d.exp +++ b/pop3d/testsuite/lib/pop3d.exp @@ -26,6 +26,7 @@ if ![mu_check_capability ENABLE_VIRTUAL_DOMAINS] { } set POP3D_ETC_DIR "$MU_DATA_DIR/etc" +set MU_PASSWD_HASH [exec mkpasswd --method=yescrypt guessme] mu_makespool "$MU_RC_DIR" "$POP3D_ETC_DIR" mu_create_config pop3d diff --git a/testsuite/etc/passwd.in b/testsuite/etc/passwd.in index c4e471b09..b13a75238 100644 --- a/testsuite/etc/passwd.in +++ b/testsuite/etc/passwd.in @@ -1 +1 @@ -user:abld/G2Q2Le2w:1000:1000:Test User:$MU_SPOOL_DIR:/bin/sh +user:$MU_PASSWD_HASH:1000:1000:Test User:$MU_SPOOL_DIR:/bin/sh diff --git a/testsuite/lib/mailutils.exp b/testsuite/lib/mailutils.exp index e4d45c85b..725ccf259 100644 --- a/testsuite/lib/mailutils.exp +++ b/testsuite/lib/mailutils.exp @@ -39,6 +39,7 @@ proc mu_copy_file {src dst} { global MU_FOLDER_DIR global MU_RC_DIR global MU_DATA_DIR + global MU_PASSWD_HASH set input [open $src r] set output [open $dst w] -- 2.39.2 Loading
pkgs/tools/networking/mailutils/default.nix +5 −1 Original line number Diff line number Diff line Loading @@ -23,6 +23,7 @@ , sasl , system-sendmail , libxcrypt , mkpasswd , pythonSupport ? true , guileSupport ? true Loading Loading @@ -79,6 +80,9 @@ stdenv.mkDerivation rec { url = "https://lists.gnu.org/archive/html/bug-mailutils/2020-11/txtiNjqcNpqOk.txt"; sha256 = "0ghzqb8qx2q8cffbvqzw19mivv7r5f16whplzhm7hdj0j2i6xf6s"; }) # https://github.com/NixOS/nixpkgs/issues/223967 # https://lists.gnu.org/archive/html/bug-mailutils/2023-04/msg00000.html ./don-t-use-descrypt-password-in-the-test-suite.patch ]; enableParallelBuilding = true; Loading @@ -94,7 +98,7 @@ stdenv.mkDerivation rec { ] ++ lib.optional (!pythonSupport) "--without-python" ++ lib.optional (!guileSupport) "--without-guile"; nativeCheckInputs = [ dejagnu ]; nativeCheckInputs = [ dejagnu mkpasswd ]; doCheck = !stdenv.isDarwin; # ERROR: All 46 tests were run, 46 failed unexpectedly. doInstallCheck = false; # fails Loading
pkgs/tools/networking/mailutils/don-t-use-descrypt-password-in-the-test-suite.patch 0 → 100644 +59 −0 Original line number Diff line number Diff line From 59a1abfa7b339bccfc228f38cc791cdacf4010d4 Mon Sep 17 00:00:00 2001 From: Michal Sojka <michal.sojka@cvut.cz> Date: Sat, 1 Apr 2023 10:59:00 +0200 Subject: [PATCH] Don't use descrypt password in the test suite The descrypt method is not considered strong and some distributions (like NixOS) start compiling libxcrypt without it [1]. To start using different hash methods, it is not sufficient to replace the password hash in testsuite/etc/passwd.in, because differently hashed passwords contain '$' characters (e.g. $y$j9T$lP8UWS9GZ4zfeTVDpmtbr1$dVozXOvWQXLQyhWGX7YyW8TIQTg8EfQLUzYPp3WCWo9) and the test suite replaces '$'-starting strings with values of the corresponding variables. Since I've not found a way to escape dollars for TCL's subst function, we do not hardcode the passwd hash directly to the file, but generate it dynamically and replace it in the file via a variable. [1]: https://github.com/NixOS/nixpkgs/pull/220557 --- pop3d/testsuite/lib/pop3d.exp | 1 + testsuite/etc/passwd.in | 2 +- testsuite/lib/mailutils.exp | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pop3d/testsuite/lib/pop3d.exp b/pop3d/testsuite/lib/pop3d.exp index 930861d8a..3b67844d2 100644 --- a/pop3d/testsuite/lib/pop3d.exp +++ b/pop3d/testsuite/lib/pop3d.exp @@ -26,6 +26,7 @@ if ![mu_check_capability ENABLE_VIRTUAL_DOMAINS] { } set POP3D_ETC_DIR "$MU_DATA_DIR/etc" +set MU_PASSWD_HASH [exec mkpasswd --method=yescrypt guessme] mu_makespool "$MU_RC_DIR" "$POP3D_ETC_DIR" mu_create_config pop3d diff --git a/testsuite/etc/passwd.in b/testsuite/etc/passwd.in index c4e471b09..b13a75238 100644 --- a/testsuite/etc/passwd.in +++ b/testsuite/etc/passwd.in @@ -1 +1 @@ -user:abld/G2Q2Le2w:1000:1000:Test User:$MU_SPOOL_DIR:/bin/sh +user:$MU_PASSWD_HASH:1000:1000:Test User:$MU_SPOOL_DIR:/bin/sh diff --git a/testsuite/lib/mailutils.exp b/testsuite/lib/mailutils.exp index e4d45c85b..725ccf259 100644 --- a/testsuite/lib/mailutils.exp +++ b/testsuite/lib/mailutils.exp @@ -39,6 +39,7 @@ proc mu_copy_file {src dst} { global MU_FOLDER_DIR global MU_RC_DIR global MU_DATA_DIR + global MU_PASSWD_HASH set input [open $src r] set output [open $dst w] -- 2.39.2
