Sender | Message | Time |
---|---|---|
16 Oct 2023 | ||
Artturin | failState successState | 06:12:13 |
l0b0 | Weird. I just tried this:
Couldn't get it to fail when the configuration was bad. | 06:15:40 |
Artturin | Btw it's possible to add env vars to the systemd-run env | 06:17:55 |
Artturin | In reply to @vengmark2:matrix.org: All the outputted thing should be in the output | 06:20:24 |
Artturin | did it print the expected output but just didn't fail | 06:20:34 |
l0b0 | OIC, ${serverName}.wait_for_unit(service_name) doesn't wait long enough, so the next line just never talks to ssh-audit. | 06:22:36 |
l0b0 | I think I might still need the sleep(5) then. | 06:23:00 |
Artturin | hm yeah it just waits for active | 06:23:19 |
l0b0 | Because there's just no way to check that the port is open without shutting down ssh-audit. | 06:23:28 |
l0b0 | Yay, it worked! This is something I've been hoping to be able to do for years. Thank you, Artturin! | 07:05:48 |
Artturin | l0b0: That test looks like it could be added to nixpkgs | 07:45:32 |
Artturin | and added to the package | 07:46:15 |
Artturin | * and added to the package's passthru.tests | 07:46:22 |
Artturin | hmm well there's your ssh-server.nix and ssh-client.nix | 07:47:28 |
Artturin | well if you can think of a way I'm sure it would be useful | 07:47:48 |
Artturin | Not exactly sure what it's testing | 07:48:10 |
l0b0 | It's checking that my configuration conforms to best practices as recommended by ssh-audit. I'm no SSH/security expert, but at least some of the recommendations make sense. | 07:49:19 |
l0b0 | It might be useful as a demo for what could be considered a secure configuration (at least by some segment of users) "right now", rather than just using the OpenSSH defaults like NixOS does. | 07:50:41 |
l0b0 | Just waiting for a giant 23.05 upgrade (for some reason), will have a look afterwards. | 07:51:16 |
l0b0 | * It's checking that my configuration conforms to best practices as recommended by ssh-audit. I'm no SSH/security expert, but at least some of the recommendations (like not allowing SHA-1 algos) make sense. | 07:51:46 |
Artturin | In reply to @vengmark2:matrix.org: staging-next-23.05 was merged a few days ago with security fixes (curl etc) | 07:53:54 |
l0b0 | https://github.com/NixOS/nixpkgs/pull/261356 - a bit quick, but I gotta sleep. | 08:57:20 |
23 Oct 2023 | ||
raitobezarius | I'm adopting https://github.com/NixOS/nixpkgs/pull/157161/files | 12:48:35 |
raitobezarius | to try to get it sync with the timeout PR | 12:48:43 |
raitobezarius | so we can have super nice tests | 12:48:46 |
raitobezarius | nikstur: help me | 12:51:07 |
raitobezarius | and get blitz to help me too | 12:51:16 |
24 Oct 2023 | ||
raitobezarius | Robert Hensing (roberth): I see that you recommended testBuildFailure but it relies on drv.overrideAttrs to perform the inversion of success internally | 01:00:50 |