From f0107b4f63a70925050954f647d14f6e256362d8 Mon Sep 17 00:00:00 2001 From: nicoo Date: Thu, 7 Sep 2023 14:38:51 +0000 Subject: [PATCH] nixos/sudo: Check syntax using the configured package This is preferable even for regular `sudo`, but will ensure the check is useful when using `sudo-rs` in the future. Also, dropped antediluvian comment about the syntax check being disabled, when it was clearly not commented out: - introduced in 2007, commit 6d65f0ae03ae14f3e978d89959253d9a8f5e0ec1; - reverted in 2014, commit e68a5b265a96134243a1572f43dfc4ff75dd082b, but without ammending the comments. --- nixos/modules/security/sudo.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index 4bf214f73eaf..528c230686f7 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -283,9 +283,7 @@ in src = pkgs.writeText "sudoers-in" cfg.configFile; preferLocalBuild = true; } - # Make sure that the sudoers file is syntactically valid. - # (currently disabled - NIXOS-66) - "${pkgs.buildPackages.sudo}/sbin/visudo -f $src -c && cp $src $out"; + "${cfg.package}/bin/visudo -f $src -c && cp $src $out"; mode = "0440"; };